it is not just working for a bank of america where they have one homogenous system and can insert things and take things out. they have multiple systems. putting in new intrusion sufferers are monitoring tools and so forth, you have to approach these systems differently. that is part of the problem. basically to get away from that and not hold up, you move information, they took of the risk of by saying, look, these people are cleared. background investigations and, frankly, most of our focus was worried about outside intruders and not inside enters with threats. so, in the and to answer your question we have a situation where we had information sharing at this level. we had put in place and put -- took the risk of having monitoring tools and guards and pass words as well as people not fully implementing policy, not following security rules at this level. the problem is that is where we made our mistake. we allowed this to occur when we were sharing information at this level. but we were trying to fix today is not take this level of information sharing and move it down here is what you r